EP2851838A1 - Verfahren und Vorrichtung für Sicherheitsdomänenverwaltung in einer vertrauten Ausführungsumgebung - Google Patents
Verfahren und Vorrichtung für Sicherheitsdomänenverwaltung in einer vertrauten Ausführungsumgebung Download PDFInfo
- Publication number
- EP2851838A1 EP2851838A1 EP14185981.9A EP14185981A EP2851838A1 EP 2851838 A1 EP2851838 A1 EP 2851838A1 EP 14185981 A EP14185981 A EP 14185981A EP 2851838 A1 EP2851838 A1 EP 2851838A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- security domain
- event
- arbitrary
- information related
- domain
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000007726 management method Methods 0.000 claims abstract description 14
- 239000000872 buffer Substances 0.000 claims description 101
- 230000008859 change Effects 0.000 claims description 11
- 230000005012 migration Effects 0.000 claims description 7
- 238000013508 migration Methods 0.000 claims description 7
- 230000004044 response Effects 0.000 claims description 6
- 238000012423 maintenance Methods 0.000 claims description 4
- 230000000875 corresponding effect Effects 0.000 description 26
- 230000006870 function Effects 0.000 description 20
- 238000010586 diagram Methods 0.000 description 11
- 238000004891 communication Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000001276 controlling effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/70—Admission control; Resource allocation
- H04L47/82—Miscellaneous aspects
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/55—Push-based network services
Definitions
- the present invention relates generally to a method and apparatus for security domain management in a trusted execution environment, and more particularly, to a method and an apparatus for controlling a communication between the security domains.
- a current GlobalPlatformTM standard 1.0 defines a Trusted Execution Environment (TEE).
- FIG. 1 is a diagram illustrating an example of a TEE management structure.
- the TEE defined by the standard specifies a configuration of a security domain within the TEE to assign a security right, and manage a life cycle of trusted applications according to the assigned security right.
- Each security domain is strictly isolated, and is configured in such a manner to prevent the mutual exchange of information.
- the security domain represents each managing entity within a terminal, and may be configured in several ways.
- a typical approach is that an application mounted in the TEE executes functions on behalf of a remote rights holder.
- a terminal manufacturer may implement a built-in security domain application in the terminal, so that a lifecycle (e.g., lock, unlock, update, etc.) of the TEE and other security domains may be managed by using the built-in security domain application.
- a trusted application provider enables a security domain to be controlled under management of a specific domain or a root domain. Accordingly, when a service, such as a user terminal change or a security domain migration by a security domain manager, is performed, ally domains (i.e., a domain defined as having an association relationship with a corresponding domain) may not be able to perform a necessary service as they are not able to recognize the service.
- a service such as a user terminal change or a security domain migration by a security domain manager
- the present invention has been made address the above disadvantages and to provide at least the advantages described below.
- an aspect of the present invention is to provide a method for sharing minimum information between security domains.
- a security domain management method for managing at least one security domain in a trusted execution environment (TEE) including the at least one security domain.
- the method includes obtaining information related to an event for an arbitrary security domain when the event for the arbitrary security event is generated; and transmitting the information related to the event to at least one other security domain, wherein the information related to the event is sent via a TEE kernel.
- TEE trusted execution environment
- a Security Domain refers to an area which is logically separated to manage the applications of the TEE, where each security domain is managed independently by using a different security key.
- an ally domain refers to a domain which is defined as having an association relationship with an arbitrary domain.
- the security domains configuring the TEE may be composed of various combinations of a root security domain, a nested security domain, and forms having a specific function. Each form may have a different method of controlling a security domain and a different isolation type than another domain.
- the present invention configures a TEE to form an information channel between security domains.
- the information channel serves as a path by which minimum information, which is mutually available between the security domains, migrates.
- the information channel is provided by a kernel (i.e., TEE kernel) that controls the TEE, where the kernel may be referred to as a controller in various embodiments of the present invention.
- the TA property is designated as a null value.
- each security domain is able to directly generate and manage a specific event buffer to notify its own state, in addition to the system event buffer.
- the event buffer for a specific security domain is managed so that another security domain is only able to read, except for the security domain that manages a corresponding event buffer, and other security domains are permitted access to a corresponding event buffer via the notification service.
- a notification service registration procedure of FIG. 4 is performed when a security domain application is installed.
- the TEE kernel check a TA_property value set by a domain owner via the notification service in step 401.
- step 403 if the security domain is registered in the notification service, thereafter, the notification service notifies of information related to an event generated from an arbitrary security domain to the registered security domain according to registration information.
- step 404 when the notification service is provided, the notification service receives a modification request corresponding to the content which is automatically registered in the notification service from the security domain.
- the security domain adds or cancels the registration of the arbitrary event buffer, or requests a termination of a push notification for event information.
- step 405 when receiving the modification request, the notification service performs the notification service of the security domain according to newly registered information according to the modification request.
- FIG. 5 is a flowchart of a method of managing an event buffer by a security domain according to an embodiment of the present invention.
- the security domain application retrieves kernel property->notification_service information in step 501.
- the security domain application requests the TEE kernel to allocate a specific event buffer dedicated to the security domain application in step 502.
- the TEE kernel which received the request generates an event buffer for a corresponding security domain, and allocates the generated event buffer to a corresponding security domain.
- the security domain application generates an ally domain list corresponding to the security domain, and provides the ally domain list to the TEE kernel.
- the security domain application identifies a list of the domains that may receive the notification service in addition to the ally domain which has a relationship with the security domain application.
- the security domains registered in the ally domain list of the corresponding security domain obtain event information by accessing a corresponding event buffer, or receive event information via the TEE kernel. Then, the security domain obtains event information via an information channel provided by the TEE kernel. Thus, in the TEE according to the present invention, the security domains share event information mutually by using the information channel.
- step 504 the security domain updates and manages the ally domain list during a life time of the event buffer.
- the security domain selects/manages a security domain with which the event generation fact is shared.
- step 505 when the lift time of the event buffer is terminated, the security domain deletes the event buffer allocated to the TEE kernel, and requests release of memory.
- the TEE kernel that received the request deletes the event buffer allocated for a corresponding security domain.
- FIG. 6 is a flowchart of a method of searching a readable event buffer by a security domain according to an embodiment of the present invention.
- the security domain gets the event buffer list by requesting the event buffer list of the notification service in step 602. That is, the security domain is registered as a public type event buffer of the ally domain that has an association relationship with the security domain itself, and requests the list of event buffers to which the security domain itself is able to access.
- the notification service which received the request, returns information related to the public event buffer and event buffers allocated to the ally domain of the corresponding security domain to the security domain.
- the security domain obtains event information from the event buffers which exist in the list by using the received event buffer list. That is, the security domain directly fetches event information via an information channel by accessing the event buffer in the list, or receives event information by requesting information of the corresponding event buffers to the TEE kernel.
- FIG. 7 is a flowchart of a method of searching and registering readable event buffers by a security domain according to an embodiment of the present invention.
- the security domain application retrieves kernel_property->notification_service information in step 701.
- step 703 the security domain registers itself with the selected buffer as the ally domain by using an Interface (I/F) of the notification service.
- I/F Interface
- TEE_NotifyEvent (parameters as specified below);
- the notification may be delivered via a push or a notification service.
- FIG. 8 is a diagram illustrating an event descriptor according to an embodiment of the present invention.
- the event descriptor is configured to include a UUID of a source security domain application, an event tag, a timestamp that signifies a start and end of an effective period, and an opaque descriptor which includes other information.
- FIG. 9 is a diagram illustrating an event descriptor according to an embodiment of the present invention.
- the event descriptor is defined for an effective event scheduling between the ally domains as a simplified form of the event descriptor of FIG. 8 .
- FIG. 10 is a flowchart of a method of scheduling an event by using an effective_tag parameter between ally security domains according to an embodiment of the present invention.
- the source security domain defines an internal event subsequent to an event of the ally domains.
- the source security domain sets the effective_tag parameter to "10", and records it in the private event buffer.
- the source security domain collects the notifications of the interested ally security domains, and initiates an execution of a response event when the response is requested, in step 1020. To this end, the source security domain sets the effective_tag parameter to "00", and generates an event scheduling description to load into the private or public buffer.
- the target domain acknowledges this event, and initiates an execution of a response event, in step 1030 and step 1040.
- the target event sets the effective_tag parameter to "11", and generates an event scheduling description to load into the private or public buffer.
- FIG. 11 is a block diagram of a security domain management apparatus according to an embodiment of the present invention.
- the security domain management apparatus 1100 that performs an operation according to an embodiment of the present invention is configured to include a communication unit 1110, a controller 1120, and a storage unit 1130.
- the communication unit 1110 is configured to communicate data with an external apparatus. Via the data communication with the external apparatus, the communication unit 1110 downloads a security domain and a security application related to the security domain, or transmits to another apparatus.
- the controller 1120 controls other elements to perform an operation according to an embodiment of the present invention.
- the controller 1120 manages at least one security domain in a TEE that includes at least one security domain.
- the controller 1120 obtains information related to an event from a corresponding security domain, and delivers the information related to the event to at least one other domain.
- the controller 1120 may be a TEE kernel, may be configured to include a TEE kernel, and may deliver the information related to the event to the security domain via an information channel which is generated and provided by the TEE kernel.
- Information that can be transmitted via the information channel may be, for example, information related to scheduling, maintenance, ownership change, domain migration, a state change of a security application or another security domain related to the arbitrary security domain, or the like.
- the controller 1120 registers the security domain in the notification service when installing the security domain.
- the controller 1120 obtains property information of the security domain desired to be installed, and registers the security domain in the notification service according to the property information so that a corresponding security domain may receive event information generated from another security domain.
- the property information of the security domain may be, for example, a TA_property, and the controller 1120 may register a corresponding security domain in the notification service when the TA_property value is not null.
- the notification of event information may be implemented via a TEE_NotifyEvent function.
- the controller 1120 generates and manages an ally domain list of the security domain to which an event buffer is allocated by connecting to the event buffer.
- the controller 1120 renews a corresponding list, and stores identification information of an ally domain desired to be added in the list.
- the change/renewal of the ally domain list may be implemented by a TEE_ModifyEventBuffer function.
- the controller 1120 receives, from a security domain, a request of the event buffer list allocated to ally domains having an alliance with a corresponding security domain. In this case, the controller 1120 extracts an event buffer list, and transmits to a security domain via a TEE_GetEvenBufferList function.
- the storage unit 1130 stores at least one security domain/security application.
- the storage unit 1130 stores a program code to implement the above described function, and the controller 1120 performs the above described operation by loading a code stored in the storage unit 1130.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130113285A KR102132218B1 (ko) | 2013-09-24 | 2013-09-24 | 신뢰하는 실행 환경에서의 보안 도메인 관리 방법 및 장치 |
Publications (2)
Publication Number | Publication Date |
---|---|
EP2851838A1 true EP2851838A1 (de) | 2015-03-25 |
EP2851838B1 EP2851838B1 (de) | 2021-04-28 |
Family
ID=51627975
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP14185981.9A Active EP2851838B1 (de) | 2013-09-24 | 2014-09-23 | Verfahren und vorrichtung für sicherheitsdomänenverwaltung in einer vertrauten ausführungsumgebung |
Country Status (3)
Country | Link |
---|---|
US (1) | US10110510B2 (de) |
EP (1) | EP2851838B1 (de) |
KR (1) | KR102132218B1 (de) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108076023A (zh) * | 2016-11-16 | 2018-05-25 | 中国移动通信有限公司研究院 | 一种根安全域的创建方法、装置及终端 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2021142849A1 (zh) * | 2020-01-19 | 2021-07-22 | Oppo广东移动通信有限公司 | 安全域的配置、发现和加入方法及装置、电子设备 |
US20220006637A1 (en) * | 2021-09-16 | 2022-01-06 | Intel Corporation | File system supporting remote attestation-based secrets |
WO2023216035A1 (zh) * | 2022-05-07 | 2023-11-16 | Oppo广东移动通信有限公司 | 安全域管理方法、装置、设备、存储介质及程序产品 |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8271996B1 (en) * | 2008-09-29 | 2012-09-18 | Emc Corporation | Event queues |
Family Cites Families (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7243230B2 (en) | 2001-11-16 | 2007-07-10 | Microsoft Corporation | Transferring application secrets in a trusted operating system environment |
US7530103B2 (en) * | 2003-08-07 | 2009-05-05 | Microsoft Corporation | Projection of trustworthiness from a trusted environment to an untrusted environment |
WO2005036407A1 (ja) * | 2003-10-14 | 2005-04-21 | Matsushita Electric Industrial Co., Ltd. | コンテンツ配信方法及びコンテンツサーバ |
US8528063B2 (en) * | 2004-03-31 | 2013-09-03 | International Business Machines Corporation | Cross domain security information conversion |
US8074262B2 (en) | 2005-05-13 | 2011-12-06 | Intel Corporation | Method and apparatus for migrating virtual trusted platform modules |
US8244826B2 (en) * | 2007-10-23 | 2012-08-14 | International Business Machines Corporation | Providing a memory region or memory window access notification on a system area network |
US8127131B2 (en) * | 2008-04-10 | 2012-02-28 | Telefonaktiebolaget Lm Ericsson (Publ) | System and method for efficient security domain translation and data transfer |
US8286231B2 (en) * | 2009-01-28 | 2012-10-09 | The Boeing Company | System and method for information sharing between non-secure devices |
JP5524878B2 (ja) | 2011-02-22 | 2014-06-18 | 日立電線ネットワークス株式会社 | 検疫ネットワークシステム |
GB2499787B (en) * | 2012-02-23 | 2015-05-20 | Liberty Vaults Ltd | Mobile phone |
US8837733B2 (en) * | 2012-05-16 | 2014-09-16 | Intel Corporation | System for protection and authentication of location services with distributed security |
US8844026B2 (en) * | 2012-06-01 | 2014-09-23 | Blackberry Limited | System and method for controlling access to secure resources |
US8782423B2 (en) * | 2012-06-19 | 2014-07-15 | Microsoft Corporation | Network based management of protected data sets |
US9369867B2 (en) * | 2012-06-29 | 2016-06-14 | Intel Corporation | Mobile platform software update with secure authentication |
US8954735B2 (en) * | 2012-09-28 | 2015-02-10 | Intel Corporation | Device, method, and system for secure trust anchor provisioning and protection using tamper-resistant hardware |
CN107944271A (zh) * | 2013-03-14 | 2018-04-20 | 英特尔公司 | 到安全操作系统环境的基于上下文的切换 |
US9852299B2 (en) * | 2013-09-27 | 2017-12-26 | Intel Corporation | Protection scheme for remotely-stored data |
CN105723760B (zh) * | 2013-11-19 | 2020-09-04 | 瑞典爱立信有限公司 | 简档改变管理 |
-
2013
- 2013-09-24 KR KR1020130113285A patent/KR102132218B1/ko active IP Right Grant
-
2014
- 2014-09-23 EP EP14185981.9A patent/EP2851838B1/de active Active
- 2014-09-23 US US14/494,262 patent/US10110510B2/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8271996B1 (en) * | 2008-09-29 | 2012-09-18 | Emc Corporation | Event queues |
Non-Patent Citations (1)
Title |
---|
"GlobalPlatform Device Technology TEE System Architecture", 1 December 2011 (2011-12-01), pages 1 - 24, XP055117057, Retrieved from the Internet <URL:http://www.globalplatform.org/specificationsdevice.asp> [retrieved on 20140508] * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108076023A (zh) * | 2016-11-16 | 2018-05-25 | 中国移动通信有限公司研究院 | 一种根安全域的创建方法、装置及终端 |
CN108076023B (zh) * | 2016-11-16 | 2021-01-15 | 中国移动通信有限公司研究院 | 一种根安全域的创建方法、装置及终端 |
Also Published As
Publication number | Publication date |
---|---|
KR20150033368A (ko) | 2015-04-01 |
KR102132218B1 (ko) | 2020-07-09 |
US10110510B2 (en) | 2018-10-23 |
EP2851838B1 (de) | 2021-04-28 |
US20150089069A1 (en) | 2015-03-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109478134B (zh) | 用跨账户别名执行按需网络代码 | |
KR101626117B1 (ko) | 클라우드 스토리지를 제공하는 클라이언트, 중개 서버 및 방법 | |
KR102245367B1 (ko) | 무선 통신 시스템에서 특정 리소스에 대한 접근 권한을 인증하기 위한 방법 및 장치 | |
US7340522B1 (en) | Method and system for pinning a resource having an affinity to a user for resource allocation | |
KR101366965B1 (ko) | 프로세스간 통신을 통해 자원들을 공유하는 방법, 장치 및 컴퓨터 프로그램 제품 | |
CN110352401B (zh) | 具有按需代码执行能力的本地装置协调器 | |
JP6738965B2 (ja) | ネットワークサービスライフサイクル管理許可方法及び装置 | |
US10110510B2 (en) | Method and apparatus for security domain management in trusted execution environment | |
US20220263711A1 (en) | Acceleration Resource Scheduling Method and Apparatus, and Acceleration System | |
WO2014112781A1 (ko) | 무선 통신 시스템에서 접근 제어를 위한 방법 및 장치 | |
US11741022B2 (en) | Fine grained memory and heap management for sharable entities across coordinating participants in database environment | |
WO2014069968A1 (ko) | 무선 통신 시스템에서 특정 리소스에 대한 정보 갱신을 위한 방법 및 장치 | |
US20160070475A1 (en) | Memory Management Method, Apparatus, and System | |
JP5352367B2 (ja) | 仮想マシン起動端末および仮想マシン起動プログラム | |
CN109964507A (zh) | 网络功能的管理方法、管理单元及系统 | |
US9037744B2 (en) | Information processing apparatus, information processing system, message control method, and program product, storage medium | |
US20220382590A1 (en) | Cloud provider account mappings | |
WO2016179803A1 (zh) | 建立vnfm与vim之间的连接的方法、装置及系统 | |
CN110798504A (zh) | 跨区域共享服务的方法、装置、管理设备及存储介质 | |
US20210256600A1 (en) | Connector leasing for long-running software operations | |
CN114064317A (zh) | 分布式系统中的节点调用方法及相关装置 | |
US9270530B1 (en) | Managing imaging of multiple computing devices | |
JP6062809B2 (ja) | 資産管理システム及び資産管理方法 | |
KR20190074723A (ko) | 원격 컴퓨팅 서비스 제공 시스템 및 방법 | |
WO2017076129A1 (zh) | 角色颁发方法、访问控制方法及相关设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20140923 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
R17P | Request for examination filed (corrected) |
Effective date: 20150925 |
|
RBV | Designated contracting states (corrected) |
Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: EXAMINATION IS IN PROGRESS |
|
17Q | First examination report despatched |
Effective date: 20171115 |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
RIN1 | Information on inventor provided before grant (corrected) |
Inventor name: KANG, BO GYEONG Inventor name: LEE, BYUNG RAE |
|
INTG | Intention to grant announced |
Effective date: 20201203 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602014076944 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1387907 Country of ref document: AT Kind code of ref document: T Effective date: 20210515 |
|
REG | Reference to a national code |
Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG9D |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1387907 Country of ref document: AT Kind code of ref document: T Effective date: 20210428 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: NL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210728 Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210828 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210729 Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210728 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210830 Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: MP Effective date: 20210428 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602014076944 Country of ref document: DE |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20220131 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20210930 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210828 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210923 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210923 Ref country code: FR Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210930 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210930 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210930 Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20210930 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20140923 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20230821 Year of fee payment: 10 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20230822 Year of fee payment: 10 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20210428 |